Our terms: We reserve the right to edit or delete any comment, so please post thoughtfully. We use your email address only to send you a one-time verification message confirming that you posted this comment. We also store your address to allow you to verify using other Web browsers in the future. For more info, see our privacy policy.

OS X 10.8.5 Fixes Nasty Text Rendering Bug

While Apple continues to move toward the upcoming debut of OS X 10.9 Mavericks, the company has quietly pushed out OS X Mountain Lion Update 10.8.5 with a handful of stability and performance fixes. The free update is available via the Mac App Store, with delta (273.72 MB — from 10.8.4) and combo (831.13 MB — from any previous version of 10.8) updaters ready for download from Apple’s Web site. Though we haven’t heard of any significant problems with the update, it’s always a good idea to wait a few days to see if any arise.

Bugs fixed include one that prevented Apple Mail from displaying messages, another that stopped the screensaver from starting automatically, and a third that stopped a smart card from unlocking preference panes in System Preferences. The update also enhances performance in three areas: AFP file transfers over 802.11ac Wi-Fi, large file transfers over Ethernet, and Open Directory authentication. Also, the update improves Xsan reliability and bundles in the bug fixes in MacBook Air (Mid 2013) Software Update 1.0 (for details, see “MacBook Air (Mid 2013) Software Update 1.0,” 22 July 2013).

But perhaps the most important change is one Apple mentioned only in a note at the end of the update’s security release notes: a patch for a nasty text rendering bug that could cause Messages and Safari to crash, and cause Wi-Fi errors if a network was named with the characters in question (see “Text Display Bug Can Render Apps Unusable,” 30 August 2013). After installing 10.8.5, we tested sample URLs that had previously caused crashes, and can confirm that Apple has squashed this bug, which had already been fixed in iOS 7 and Mavericks. It presumably still exists in the current iOS 6.1.3; we anticipate a 6.1.4 update to iOS to fix it as well.

OS X Mountain Lion Update 10.8.5 also includes a variety of security improvements, most notably a fix for an issue where an attacker could gain superuser access by resetting the system clock. (For details, see “Hackers Can Root Macs by Going Back in Time,” 30 August 2013.)

Also plugged are security holes in CoreGraphics, ImageIO, and QuickTime that could permit malicious PDFs or movie files to cause application crashes or arbitrary code execution.

Additionally, the update fixes other user-level vulnerabilities, including Installer packages that could be opened after certificate revocation, a bug that could allow users with screen sharing access to bypass the screen lock, and a vulnerability in Mobile Device Management that could disclose passwords to local users.

Finally, 10.8.5 addresses a number of security vulnerabilities on the Unix end, via updates to the Apache Web server, the BIND DNS server, the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database. Plus, a bug in the kernel was fixed that could enable a local denial of service attack.

READERS LIKE YOU! Support TidBITS by becoming a member today!Check out the perks at <http://tidbits.com/member_benefits.html>Special thanks to Shoshanna Green, Bill Russo, Lynda Preston, and
Rodney Haydon for their generous support!

That sounds like some sort of auto-correct mistake, rather than something inherent to TextEdit (it doesn't happen here, and I've never heard of it happening elsewhere either). Perhaps look int the Text pane of the Language & Text system preference pane?

While all those security fixes are good news, I was unaware that OS X 10.8 included ClamXav. While not the best security program, it is open source which would enable Apple to use it at little or no cost.